
RE: user authentication and changing passwords



Joseph,

Did you try adding these lines?

> > # Entry = dn and is needed to access the entries at all
> > access to attr=entry
> >  by * read

Have you looked at the /var/log/ldap.log file?  There may
be some clues in there.

Kelli

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Joseph Hoot
Sent: Monday, September 25, 2000 1:14 PM
To: openldap-software@OpenLDAP.org
Subject: Re: user authentication and changing passwords


sorry, left out a few lines of my slapd.conf.  Here they are:

# Allow clients to authenticate
access to attr=objectclass,uid,host,uidnumber,gidnumber,homedirectory,loginshell,gecos,description
        by dn="cn=Manager,dc=nowcom,dc=com" write
        by * read


> I have the following ACL:
>
> # Deny all unless specifically allowed
> defaultaccess   none
>
> # Allow the manager and user to change the user's password
> access to attr=userpassword
>         by self write
>         by dn="cn=Manager,dc=nowcom,dc=com" write
>         by * search
>
> # Allow the following fields to be seen by the world
> access to attr=mail,cn,sn,givenname,o,ou,title,uid,telephoneNumber
>         by * read
>
>
> I am trying to A) authenticate users still and B) allow them to change their
> passwords.   Currently both of these aren't working with the above ACL.
>

Joseph Hoot
System Administrator
http://www.networkpenguin.com
joe@networkpenguin.com